Welcome to the [HSX] website!

Website Security Update
[HSX]coRpSE
Posted: Sat Mar 16, 2013 5:54 pm   Post subject: Website Security Update

Over the past few weeks, I have been working on updating our security and making our site more secure.
As most of you know, we have been running Sentinel for some time and that has been doing a good job on hackers, but I like to have a bit more protection. To give you a little insight on what Sentinel is, it is a security feature that comes built into RavenNuke and Xtreme Evo CMS websites that helps protect from proxies, DOS, the Santy Worm, and many other things. It also has a system that helps protect from illegal access into the admin side of the website. This system has been doing a great job up to now, but for safety reasons, I felt it was time to add in a bit more that covered a few other areas of the site that were not in Sentinel's range of protections.

First area is going with BB Antispam, AKA, Advanced Textual Confirmation (ATC). It works as an invisible intermediate between the user and your PHP program. ATC checks the user requests and activates when the user submits data.

If the user isn't validated as a human yet, ATC starts the confirmation process:
  • ATC selects a random question.
  • Then waits until the user gives the correct answer.
  • Afterwards, the user is marked as a human, and the user request is forwarded to complete their registration on our site.


This is a bit more secure than just using the captcha that is found on this CMS. We have been running this system for a while, and since we went with this, our bots have almost been gone for good. What I ended up doing is going one step further with it, and made the questions ask for information on an image I made. To the left, you can see an example of what I am talking about. Some of the questions ask things like what color is red. As you can see, red is actually green, but most bots would just say red, so it has stuff like that in it to confuse them.

Our next system in place is "Stop Forum Spam", which is more like the MBL that we all know from games like COD4 and RTCW, where it checks the username and email against the API database and then Nuke does what it needs to do, which is automatically stopping the registration process for them.

With that, we also have zb-block, which is a new addition to the site and is still in testing. It is a PHP security script designed to detect certain behaviors detrimental to websites, or known bad addresses attempting to access your site. It then will send the bad robot (usually) or hacker an authentic 403 FORBIDDEN page with a description of what the problem was. If the attacker persists, then they will be served up a permanently reoccurring 503 OVERLOAD message with a 24 hour timeout.

Here, in simple terms, is what it does:
  • Saves money by reducing hacker bandwidth usage! (by 2,500% on this site's index page alone!)
  • Strengthening your site against defacement.
  • Preventing PHP script exploitation.
  • Ending Remote File Include (RFI) exploits.
  • Protecting against directory traversal attacks.
  • Stopping MySQL database injection and tampering.
  • Removing access from known bad addresses and domain names.
  • Blocking access from top level domains, like .cn (China) and .kp (North Korea).


What ZB Block is Good at:
  • Avoiding website scraping/content theft.
  • Deterring bad user agents.
  • Halting referrer spam.
  • Impeding some Cross Site Scripting (XSS) attacks.


So if you run into any issues with the new security features that we are running, please contact me on TS3 and I will try helping you to get back on the site.


HeadShot Domain, Been in buisness for over 10 years...
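
The confirmation flow described in the post above (random question, wait for the correct answer, mark the user as human, forward the request), as an added PHP sketch that is not ATC's or the site's own code. The function name `atc_gate`, the session keys and the sample questions are assumptions made up for illustration.

```php
<?php
// Added illustration of the flow in the post; not ATC's code. All names are hypothetical.
// Constructed sample questions: the answer depends on the image, not on the wording.
const QUESTIONS = [
    'color' => ['text' => 'What color is the word "red" drawn in?', 'answer' => 'green'],
    'count' => ['text' => 'How many tanks are in the picture?', 'answer' => '3'],
];

// $session stands in for $_SESSION, $post for $_POST.
// Returns ['forward', request] once the visitor is confirmed, else ['challenge', question].
function atc_gate(array &$session, array $post): array
{
    if (!empty($session['human'])) {
        return ['forward', $post];                 // already confirmed: pass straight through
    }
    if (!isset($session['held'])) {
        $session['held'] = $post;                  // park the original submission server-side
    } elseif (isset($session['pending'], $post['atc_answer']) && is_string($post['atc_answer'])) {
        $given = strtolower(trim($post['atc_answer']));
        if ($given === QUESTIONS[$session['pending']]['answer']) {
            $held = $session['held'];
            unset($session['held'], $session['pending']);
            $session['human'] = true;              // mark as human for the rest of the session
            return ['forward', $held];             // release the parked request
        }
    }
    // First visit or wrong answer: draw a new random question. The expected
    // answer stays on the server; only the question text reaches the browser.
    $session['pending'] = array_rand(QUESTIONS);
    return ['challenge', QUESTIONS[$session['pending']]['text']];
}

// Constructed walk-through: signup attempt, a literal-minded wrong answer, the right answer.
$session = [];
$signup  = ['username' => 'newplayer', 'email' => 'newplayer@example.com'];

[$state] = atc_gate($session, $signup);
echo "signup submitted -> $state\n";

[$state] = atc_gate($session, ['atc_answer' => 'red']);
echo "answer 'red'     -> $state\n";

$right = QUESTIONS[$session['pending']]['answer']; // the demo plays the human reading the image
[$state, $request] = atc_gate($session, ['atc_answer' => $right]);
echo "correct answer   -> $state, forwarding {$request['username']}\n";
```

Keeping the expected answer in the session rather than in a hidden form field, and redrawing the question after a wrong answer, is what stops a script from replaying one harvested answer.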
FURION
Posted: Tue Mar 19, 2013 3:03 pm   Post subject: Re: Website Security Update

I added a ton of IPs into my htaccess file from countries that are known for spambots, hacking and general and overall malicious behavior. Since I have done that I would say 99% of the silliness has stopped. Every once in a great while I might get a notification, but it is very rare.
[HSX]coRpSE
Posted: Wed Mar 20, 2013 5:34 pm   Post subject: Re: Website Security Update

Were they range bans? If so, I personally don't like doing that all too much, for there are a lot of innocent people that could be in those ranges. Also, IP blocking can only go so far, for in the past years they have been going through proxies, so basically, even if you banned their IPs, they can still get around it. That's why this added security will help but will not block 100% accurately, because that's just the nature of the beast.

That's why I made this tutorial on ClanThemes on how to add the security that I put in and how.